Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Firefox 16 Re-Released After Serious Security Flaw Is Patched

Less than 24 hours after removing the latest Firefox 16 browser from its downloads page after a serious security flaw surfaces, Mozilla re-releases Firefox 16 to the masses.

The Firefox 16 Web browser is again available for downloads and installation, less than 24 hours after Mozilla removed the latest Firefox browser from its downloads page due to the discovery of a serious security flaw Oct. 10.

The problem that caused Mozilla to pull Firefox 16 back from its distribution and update channels is reported to involve a vulnerability that "could allow a malicious site to potentially determine which Websites users have visited and have access to the URL or URL parameters," Michael Coates, director of security assurance for Mozilla, wrote in an Oct. 10 post on the Mozilla Security Blog. Coates said that Mozilla didn't believe that the vulnerability was yet being exploited through online attacks.

Coates' blog post was updated Oct. 11 to report that the security vulnerability had been repaired and patched. In his original post, Coates advised users that the patched version would be released the next day—a deadline that Mozilla did meet.

"An update to Firefox for Windows, Mac and Linux was released at 12 p.m. PT on Oct 11," Coates wrote. "Users will be automatically updated and new downloads via http://www.mozilla.org/firefox/new/ will receive the updated version (16.0.1)."

Further reading

The updated and repaired Firefox 16 version for Android was released at 9 p.m. PT Oct 10, according to Coates. Version 15 of the browser was not affected by the security flaw.

The repair cycle began Oct. 10 when Firefox 16 was abruptly removed from the company's downloads page after a serious security vulnerability was discovered a day after its original Oct. 9 release, according to Coates' original blog post.

Mozilla's reaction to the flaw was apparently to take no chances and to pull the new release back so it could be fixed.

About two dozen Firefox users posted comments about the problem, in response to Coates' blog post.

"Once this is fixed (hopefully soon!), I would really appreciate some more details as the description of the security flaw is indeed quite vague," wrote a user who identified himself as Martin. "What exactly could have happened in the worst-case scenario?"

Another user, Scouter Scot, wrote: "This is a shame. Not the security violation, but rather Mozilla's brand of notification. How many millions of users are moms, kids, or NFPs that don't know or care to know this site or those like it exist? Who notifies them, Mozilla? If a Google+ user hadn't mentioned it in passing, I never would have known."

User Vik remained confident, despite the problem, writing that: "Firefox is still one of the most secure browsers out there."

Another user, Wilbur, however, was pretty annoyed with Firefox 16 from the start. "It wasn't just a security issue," wrote Wilbur. "Version 16.0 was completely dysfunctional. After 10 to 15 min., it would stop fetching Websites and simply say "Looked up [domain name]" and then stop. Restarting it would recover … for 10 to 15 min. and the problem would repeat."

The original Firefox 16 release unveiled by Mozilla Oct. 9 was touted by the company for having several new features, including default VoiceOver support on Mac OS X, as well as initial Web app support for Windows, Mac and Linux. Also included were 16 bug fixes, including 11 that were rated as critical and three that were rated as high impact.